CVE-2019-18189 — Path Traversal in Officescan

CWE-22 — Path Traversal CWE-125 — Out-of-bounds Read CWE-400 — Uncontrolled Resource Consumption5 documents5 sources

Severity

9.8CRITICALNVD

EPSS

0.6%

top 30.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trendmicro Officescan Trendmicro Worry-free Business Security

Timeline

PublishedOct 28

Latest updateMay 24

Description

A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user. The vulnerability does not require authentication.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDtrendmicro/worry-free_business_security10.0, 9.5+1

▶NVDtrendmicro/officescan11.0, xg+1

🔴Vulnerability Details

GHSA

GHSA-q46j-mg66-8mgv: A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11↗2022-05-24

▶

CVEList

CVE-2019-18189: A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11↗2019-10-28

▶

📋Vendor Advisories

Red Hat

sox: OOB read in function read_samples in xa.c:219 causing denial of service↗2019-07-14

▶

💬Community

Bugzilla

CVE-2017-18189 sox: NULL pointer dereference in startread function in xa.c↗2018-02-15

▶